From editor@telecom-digest.org Fri Sep 3 02:45:27 2004 Received: (from ptownson@localhost) by massis.lcs.mit.edu (8.11.6p3/8.11.6) id i836jRB24511; Fri, 3 Sep 2004 02:45:27 -0400 (EDT) Date: Fri, 3 Sep 2004 02:45:27 -0400 (EDT) From: editor@telecom-digest.org Message-Id: <200409030645.i836jRB24511@massis.lcs.mit.edu> X-Authentication-Warning: massis.lcs.mit.edu: ptownson set sender to editor@telecom-digest.org using -f To: ptownson Approved: patsnewlist Subject: TELECOM Digest V23 #411 TELECOM Digest Fri, 3 Sep 2004 02:45:00 EDT Volume 23 : Issue 411 Inside This Issue: Editor: Patrick A. Townson Charter Customers May Get Free Services (Monty Solomon) EFFEctor 17.32 Stop Government Blacklists (Monty Solomon) Apache Rejects Sender ID Proposal (Monty Solomon) Re: Website Offers Caller I.D. Falsification Service (Jack Decker) Re: Website Offers Caller I.D. Falsification Service (AES/newspost) Re: Website Offers Caller I.D. Falsification Service (W Rupprecht) Re: Spreading Spam (Destined) Re: Party Lines No More? (John McHarry) September Share Day (TELECOM Digest Editor) All contents here are copyrighted by Patrick Townson and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using -any name or email address- included herein for -any- reason other than responding to an article herein, you agree to pay a hundred dollars to the recipients of the email. =========================== Addresses herein are not to be added to any mailing list, nor to be sold or given away without explicit written consent. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome. We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. Geoffrey Welsh =========================== See the bottom of this issue for subscription and archive details and the name of our lawyer; other stuff of interest. ---------------------------------------------------------------------- Date: Fri, 3 Sep 2004 00:47:32 -0400 From: Monty Solomon Subject: Charter Customers May Get Free Services By JIM SUHR AP Business Writer ST. LOUIS (AP) -- Charter Communications Inc. subscribers may get free premium services under a proposed settlement the nation's third-largest cable TV systems operator reached in a lawsuit over questioned charges. As part of the deal detailed in the company's full-page advertisement Thursday in USA Today, eligible customers may be able to choose six months of free high-speed Internet service, service upgrades or movie channel service. Other options include six free pay-per-view or video-on-demand selections. St. Louis-based Charter, controlled by Microsoft Corp. co-founder Paul Allen, has more than 6 million customers in 37 states. It was not immediately clear how many consumers would be eligible for the free services or the settlement's cost to Charter, though trade magazine Multichannel News reported Monday that amount may reach as much as $200 million, depending on which compensation customers choose. The settlement applies to people who subscribed to Charter's residential cable TV service before July 8 and paid a fee to participate in the company's wire-maintenance plan, or who paid a fee to rent an analog or digital converter box while getting basic or expanded basic service. - http://finance.lycos.com/home/news/story.asp?story=43472089 ------------------------------ Date: Fri, 3 Sep 2004 00:54:05 -0400 From: Monty Solomon Subject: EFFector 17.32: Alert - Stop Government Blacklists! EFFector Vol. 17, No. 32 September 2, 2004 donna@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In the 304th Issue of EFFector: * Action Alert: Stop Government Blacklists! * CA Alert: Ask Governor Schwarzenegger to Put Paper Trails on the Books * Skylink Wins Appeal in Garage Door Opener Case: Court Rules Copyright Law Cannot Be Used to Stifle Competition * CAPPS II Returns from Summer Vacation as "Secure Flight" * Only 61 Days Until the Election - Register to Vote Now! * MiniLinks (16): Bush Forms Civil Liberties Board * Administrivia http://www.eff.org/effector/17/32.php ------------------------------ Date: Fri, 3 Sep 2004 00:22:29 -0400 From: Monty Solomon Subject: Apache Rejects Sender ID Proposal The Apache Project has rejected the Sender ID proposal for e-mail user authentication, saying the terms of Microsoft's license for the underlying technology makes it incompatible with open source software. The decision illustrates how anti-spam efforts have become the latest battleground between the open source community and Microsoft. Apache's decision, outlined in a letter to the Internet Engineering Task Force (IETF), culminates weeks of discussion among the IETF, Microsoft and open source advocates over whether Sender ID could work as a standard framework for anti-spam measures. http://news.netcraft.com/archives/2004/09/02/apache_rejects_sender_id_proposal.html ------------------------------ Date: Thu, 02 Sep 2004 22:54:49 -0400 From: Jack Decker Subject: Re: Website Offers Caller I.D. Falsification Service Pat, please conceal my e-mail address. You wrote: > Ditto with spam and virii hassles. If Microsoft, and the makers of > hardware got together and devised a nearly foolproof method of > *absolutely without question identifying every piece of equipment > out there* then spam and virus writing/spreading would come to a > screaming halt. ..... Pat, you seem to forget one thing -- what goes out to the Internet can always be diddled with by the user. A personal computer is not like a cell phone -- it can be (and often is) built from parts. Therefore the user has control of what goes out over the net connection. Even if, some way, somehow, they figured out a way to send out an ID that the user could not diddle with, all the spammer would have to do is install a firewall that looks for that ID and strips it out. And if nobody will accept e-mail that has the ID stripped out, then the spammer will just steal valid ID's from other user machines. There are so many holes in this scheme that I can't figure it will do anything but make users who value their privacy shun the products of whatever company is crazy enough to implement it. I think you were on the right track with your other idea. Let's say they passed a law that said that for every piece of bona fide spam that a user receives and forwards to his ISP, he gets one month of free service. But, the ISP would be entitled to submit the spam to whichever system passed it along to them (the system that actually connected to their system to deliver the e-mail) and collect the value of the month of service, plus a reasonable billing fee (which could be set high enough to cover the "uncollectibles", that is, the systems they cannot collect from). So there would be an absolute rule - if spam passes through your system, you are liable to the party you passed it to, but the person that passed it to you is liable for whatever you were billed plus *your* billing fee. Note that as the spam keeps getting passed closer to the source, every party in the chain is entitled to add *their* billing fee. Now at some point one of three things will happen. One, it will get back to the system that furnished connectivity to the spammer, and they will hand the bill to the spammer (who more than likely will not pay willingly), so they get stuck paying the bill and possibly hauling the spammer into court. A few times of that happening and they will learn to be very picky about who they give connectivity to. Two, it will wind up pointing to some innocent user who's had his machine "hijacked". At that point, whoever supplies his connectivity will decide that maybe they should be suspicious when a user that normally sends one or two e-mails a day starts blasting out thousands (more on that in a moment). Three, it will wind up at the system that accepted the incoming e-mail from another country, and they will be faced with the prospect of collecting from an ISP in another country. Of course they will pass the bill along to the "foreign" ISP, but that ISP is under no legal obligation to pay in their home country, and they might not. So if they don't, the "gateway" operator must decide whether they are willing to accept any more traffic from that system. What will very quickly happen is that the foreign ISP's will discover that they must indeed pay the bill, legal obligation or not, or else they will find that no U.S. gateway will accept their e-mail, legitimate or not. When the system first starts you do a "dry run" for six months -- users are encouraged to report spam, but don't receive the free service. ISP's generate the "bills" and pass them upstream, but no payment is required. This gives everyone a chance to see how the system will work, and to identify which systems are sending spam before they incur any financial penalty (so that no ISP suddenly gets hit with 8,000 real bills when they had no idea that there was a spammer on their system). After the six months it goes into effect for real. By then the ISP's presumably have put technologies in place to limit the potential damage. One such technology might be figuring out the patterns of their various customers, similar to what credit card companies do when they offer fraud protection. As I noted above, if a customer that is normally a light user of e-mail suddenly starts blasting out e-mails by the hundreds, you may at least want to take a look at a random sample to see if he's sending out wedding invitations or spam. Presumably there are automated techniques that can deal with this, so that a real human would only have to look at messages in exceptional cases. I suppose there are some flaws in this (no plan is perfect) but it would be one way of handling the situation (with suitable modifica- tions to handle any valid objections, of course). What do you think? Jack [TELECOM Digest Editor's Note: Jack, you sound like a typical netter with all your objections and all your reasons why a reasonably good plan will not work so there is nothing do except sit around wringing our hands and wait until the ratio gets as close to one hundred percent garbage as possible. I will suggest if people can use home brew computers to get on the net, why can't people quit paying for cell phone service entirely and work entirely from home brew cell phones. Ah, but you say without a valid ESN their home brew or other- wise cell phone won't get out. Every tower in the world will stop them dead in their tracks. And people can jerry rig all the cellphones they want, but that magic ESN is embedded in a bit of glue buried on the mother board somewhere, burned in at the factory and no one but a damned fool or a masochist would try to swap it out. Ah ... right! So a result, only damned fools and masochists try to swap out ESNs and still expect the phone to work. Ergo, while fraud with stolen cell phones *does* exist, its a relatively minor problem. Hackers, etc do tamper with cellphone software, the telephone numbers assigned to cell phones, etc, but as a worst case scenario, when cellco has had enough fraud that particular unit becomes useless. The tower is told just do not accept anything more from that ESN regardless. At that point, you the fraudster have a choice of tossing the phone or attempting (if you have the experience) to change the burned in ESN or selling or paying someone else to do it for you. In any event, it costs you money and slows you down. Now let us assume the computer factory (Apple or whoever) embeds a little chip on the mother board somewhere and buries it in wax and glue, making it almost impossible to get out or replace, much as cell phones are constructed. Yes, a damn fool or a masochist *probably could get it out, (maybe the same guys who do it with cell phones) and to the average user, the end result would be a busted up, shorted out mother board. If a computer hardware person took the whole computer apart and looked at the mother board, they would see that ugly looking waxed up glued over little chip. Now what kind of a number would be burned into that little chip, its CSN or 'computer serial number'? I suggest something like Microsoft has done with the latest version of XP. The number would be a mathematical formula constructed on the various parts of the computer: two hard drives, one floppy, some type or another of monitor, mouse, keyboard, etc. In other words, the factory sells you an OEM, with all the above parts, and burns that number combination in the chip. But you say you built your own computer with a hard drive here, a floppy from there, an old TV set for a monitor, a mouse you got from Best Buy and a camera you bought at Walmart. Motorola cell phones had an answer for that also. The end user was permitted to reprogram a few variables *three times only* before it would lock up entirely, and (in theory at least) the unit had to go back to the factory or an authorized dealer for a reset, which involved some hardware to be attached. Not impossible, just a pain in the butt for guys. Now here is here Microsoft or Linux or Apple or whichever software maker whose operating system you plan to install in your home brew computer enters the picture: You put in your copy of XP or Linux or whatever. Just as the OS now demands you insert an *accurate* rendering of your 'product key' based on its own on the fly calculation of your system (remember how if the system is 'changed substantially' Microsoft demands it to be re-registered), the operating system -- and operating system only -- would rewrite or burn that little waxed over, glued on little chip a second time, or even a third time, or hell, to be generous if you wish, a fourth time, then it locks up. No more re-writes short of hauling the entire thing back to an 'authorized dealer' who attaches his little odd cable somewhere and 'zeros out' the counter -- not writes in the number, which the operating system calculates based on peripherals, etc -- just zeros it out so you can start over. No one knows how the OS calculates those number, no one except Microsoft (as in XP) or the factory as in an OEM shipped out for the first time. It just happens is all. The final one or two digits in the CSM would be mathematical proof on the remainder of the CSM which was generated by the OS or the factory based on your equipment and perhaps part of your usual IP address. In other words an extremely complex arrangement of letters and numbers. If you attempted to bluff your way past your own firewall it would be very unlikely you could get the check digits correct even if you did figure out how the OS looked at your peripherals. So you say you will just look for that string at your firewall and omit it entirely ... uh, uh ... or you will just substitute a new string of alphanumerics... uh, uh ... the ISP will be under much pressure to disallow any blank or mathematically miscalculated strings coming from your firewall to him, and your computer OS simply won't function at all without that correct CSM. So if your computer does not stop you, or with much effort you bluff your way past it, then the ISP stops you. The ISP looks at the math, and your computer generates the 'math problem'. Either part of it goes wrong, and you don't get to do your spam for today. Remember, the little waxed over glued in place microchip (just touch the solder and it all falls apart in your hands) contains both the 'math problem' and its check-sum solution. I guess I am saying there has to be a partnership between computer factories and people like Microsoft on the one side and the ISPs on the other side. The ISPs would continue to do their usual stumbling blocks for spammers as well on no open relays, etc. I am suggesting much could be done to make casual spamming a very time consuming and expensive task; something that would put a large number of spammes out of business. And then Jack, your 'pass the buck along up the ladder' would also add good pressure. Plus which, some of these prima donnas with their constant whining are going to have to give in to the other side as well. I am reminded of why so little of any positive value happens in politics: everyone involved thinks that if a good thing happens the other guys will get the credit; but if something bad happens, *they* will be the ones to catch hell for it. That is the same way on the net. PAT] ------------------------------ From: AES/newspost Subject: Re: Website Offers Caller I.D. Falsification Service Date: Thu, 02 Sep 2004 14:13:12 -0700 In article , TELECOM Digest Editor noted in response to DevilsPGD : > I for one, cannot see why *any* user or subscriber should ever be > allowed to tamper with their own caller ID. I can. A business, an organization, even an individual has several "functions" or lines of business -- call 'em A, B and C. They want to publish 3 distinct phone numbers that they will always maintain open for *incoming* calls that concern A, B or C. (And also maybe they want regular customers or call recipients that they call *out* to be able to identify in an automated fashion whether the call they're receiving has to do with A, B or C.) But, maybe the organization has people making outgoing calls from phone lines all over the place, or from temporary setups, or calls concerning different subjects at different times. Allowing these outgoing calls to be given the appropriate Caller ID for the function A, B or C associated with the given call, no matter who makes 'em or from where, seems perfectly sensible to me. [TELECOM Digest Editor's Note: Can't you think of any more hypothetical examples why you must be allowed to tamper with your caller ID? I mean, that's all totally ridiculous. Tell your people to walk over to an 'A' phone or a 'B' phone or a 'C' phone and use the appropriate line for the particular business. PAT] ------------------------------ Subject: Re: Website Offers Caller I.D. Falsification Service From: wolfgang+gnus20040902T142944@dailyplanet.dontspam.wsrcc.com Organization: W S Rupprecht Computer Consulting, Fremont CA Date: Thu, 02 Sep 2004 21:52:25 GMT > [TELECOM Digest Editor's Note: ... I for one, cannot see why *any* > user or subscriber should ever be allowed to tamper with their own > caller ID. Right now I have a few DID numbers that only get used for incoming calls. My asterisk pbx routes them to one of the three VOIP phones in the house. I also have one shared outgoing-only VOIP account with a different company that gives me a great price of 2-cents/minute. For outgoing calls through this service I set the CID information to be the DID phone number that is needed to call back the phone that is making that call. There are quite a few people that use the dialback button on their phone to try to call you. Half the folks I know seem to ignore the number you leave for them and just call back whatever showed up on CID. If phone companies weren't such Neanderthals they could RSA/MD5/etc sign a cookie corresponding to your DID numbers. They would then give you this cookie and you could pass to any switching equipment to "register" the outgoing CID you wanted to use for that call. If you didn't have a valid cookie signed by the owner of that DID allocation then the switching equipment wouldn't let you change the outgoing CID. That should be sufficient to cut down on folks spoofing numbers that didn't belong to them yet would also allow a person to use any of their phone's CID's with any of their other phones. Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/ New toy: Voice over ip phone. Sounds much better than an analog phone. http://www.wsrcc.com/wolfgang/voip.html ------------------------------ From: Destined Subject: Re: Spreading Spam Date: Thu, 02 Sep 2004 16:04:05 -0700 Eric Friedebach wrote: > Scott Woolley, 09.01.04, Forbes.com > LOS ANGELES - This June a barrage of spam popped up in 152,000 > in-boxes. They pitched the standard stuff: One was an advertisement > for the "Top Drug Store Online," another offered mortgage refinancing, > another spy equipment for getting "the evidence on your in-laws." And, > of course, many pitched porn. But one thing made the spam unusual: It > was delivered not to regular e-mail in-boxes but via text messaging to > Verizon Wireless cell phone service. > Once an affliction confined to e-mail boxes, spam is spreading. > Besides cell phones, innovative spammers are beginning to experiment > with a technology known as voice-over-Internet Protocol, or VoIP, that > lets people send phone calls over the Internet. > http://www.forbes.com/wireless/2004/09/01/cz_sw_0901spam.html > Eric Friedebach > /Favorite OnStar commercial: crying woman drops keys in toilet/ > [TELECOM Digest Editor's Note: This is very depressing, isn't it ... > The ratio of spam to valid email continues to rise. Is the net (as a > whole body) now up to the 90 percent mark yet? I know I have seen > reports in the recent past setting it at about 80-85 percent of the > total volume of email; I know here at telecom-digest.org it has > floated along at about 85-90 percent for several months, especially > on weekends when valid email drops off as people take time off from > work or school, etc. A three day holiday weekend as is now approaching > will surely send the spam count sky high. PAT] I tend to get in my email boxes (Free hotmail/YAHOO/Mail.com) about the same time frame of spam ... Just wish I could figure out how to curtail it? Been thinking of using Bayesian Filtering but not sure how Effective it would with email. Now if I could find a news reader with Bayesian filter; that would be cool. Jeremy <> ------------------------------ From: John McHarry Subject: Re: Party Lines No More? Date: Fri, 03 Sep 2004 02:57:04 GMT Organization: EarthLink Inc. -- http://www.EarthLink.net Lisa Hancock wrote: > For the younger readers: Years ago installing individual copper phone > lines to each subscriber was very expensive. So subscribers shared a > line in an arrangement known as the "party line". This was particu- > larly common in rural areas where the lines had long runs. As > technology improved (such as concentrators and carrier circuits), > party lines were reduced. > Some Verizon engineers told me they doubt party lines exist anywhere > in the U.S. anymore for the following reasons: > 1) Universal Service Fee: The high expense of rural lines is subsidized > by other customers. > 2) Low cost fibre: They said they were a low cost fibre system that > could economically handle rural service. > If any lines still exist they may be from private rural cooperative > phone companies in isolated places, or from subscribers who could get > private line service but just don't bother to save a $1 a month. A number of years ago, the situation was that party lines actually cost the telco more than private lines, but they were worried that eliminating the service would result in their having to charge everyone the party line rate, instead of vice versa. New party lines were actually bridged at the CO, that being cheaper than field bridges. To discourage such subscriptions telcos kept a list of "killer little old ladies" who were used to obnox the bridged parrty into private line service. I lived in upstate NY and had a party line because it was the cheapest way to get flat rate service between home and work. I dealt with the old bitch by grounding tip for a while. Amazing what a miles long ground loop will do. ------------------------------ Date: Fri, 3 Sep 2004 00:42:53 EDT From: TELECOM Digest Editor Subject: September Share Day Instead of changing the Digest over to an advrtising supported forum, I have always elected to keep it as a user supported forum, and for the most part keep it spam and virus free. I am *only* able to do this because of financial support from readers here, and if you would rather not see these messages every month, then please pitch in and help now and then! Consider it sort of like public radio, which goes on for days at a time trying to raise money ... and maybe I should adopt the same system. Turn over the entire Digest once or twice a year to fund raising (entire issues, etc) and stop doing it when the budget for the year has been raised. But for now, I will stick with the present system of devoting a few messages at the end of each month to raising money for the Digest publication expenses. Out of 400-500 messages per month, in a spam, virus free environment, two or three (only) devoted to fund raising. You know who you are; please provide some help here financially. You can use Pay Pal to donate with a credit/debit card by going to our web site http://telecom-digest.org and at the bottom of the home page look for the PayPal 'donate' button. Or if you prefer, send a check or money order to Patrick Townson/TELECOM, Post Office Box 50, Independence, Kansas 67301-0050. The amount you send is entirely up to you. You know best how much you can afford and whether or not this Digest has any value for you. Thank you very much. Patrick Townson, Editor/Publisher TELECOM Digest ------------------------------ TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of networks such as Compuserve and America On Line, Yahoo Groups, and other forums. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Patrick Townson. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. Contact information: Patrick Townson/TELECOM Digest Post Office Box 50 Independence, KS 67301 Phone: 620-402-0134 Fax 1: 775-255-9970 Fax 2: 530-309-7234 Fax 3: 208-692-5145 Email: editor@telecom-digest.org Subscribe: telecom-subscribe@telecom-digest.org Unsubscribe:telecom-unsubscribe@telecom-digest.org This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Anonymous FTP: mirror.lcs.mit.edu/telecom-archives/archives/ (or use our mirror site: ftp.epix.net/pub/telecom-archives) Email <==> FTP: telecom-archives@telecom-digest.org Send a simple, one line note to that automated address for a help file on how to use the automatic retrieval system for archives files. You can get desired files in email. ************************************************************************* * TELECOM Digest is partially funded by a grant from * * Judith Oppenheimer, President of ICB Inc. and purveyor of accurate * * 800 & Dot Com News, Intelligence, Analysis, and Consulting. * * http://ICBTollFree.com, http://1800TheExpert.com * * Views expressed herein should not be construed as representing * * views of Judith Oppenheimer or ICB Inc. * ************************************************************************* ICB Toll Free News. Contact information is not sold, rented or leased. One click a day feeds a person a meal. Go to http://www.thehungersite.com Copyright 2004 ICB, Inc. and TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA. ************************ DIRECTORY ASSISTANCE JUST 65 CENTS ONE OR TWO INQUIRIES CHARGED TO YOUR CREDIT CARD! REAL TIME, UP TO DATE! SPONSORED BY TELECOM DIGEST AND EASY411.COM SIGN UP AT http://www.easy411.com/telecomdigest ! ************************ --------------------------------------------------------------- Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization. End of TELECOM Digest V23 #411 ******************************